b'                       U.S. Environmental Protection Agency                                                    09-P-0188\n                                                                                                            June 30, 2009\n                       Office of Inspector General\n\n\n                       At a Glance\n                                                                              Catalyst for Improving the Environment\n\n\nWhy We Did This Review            Results of Technical Network Vulnerability\nThe Office of Inspector\n                                  Assessment: EPA\xe2\x80\x99s Potomac Yard Buildings\nGeneral contracted with\nWilliams, Adley & Company,         What Williams, Adley & Company, LLP, Found\nLLP, to conduct the annual\naudit of the U.S.                 Vulnerability testing of EPA\xe2\x80\x99s Potomac Yard buildings network conducted during\nEnvironmental Protection          April 2009 indicated several high-risk vulnerabilities. If not resolved, these\nAgency\xe2\x80\x99s (EPA\xe2\x80\x99s) compliance       vulnerabilities could expose EPA\xe2\x80\x99s assets to unauthorized access and potential\nwith the Federal Information      harm to the Agency\xe2\x80\x99s network.\nSecurity Management Act\n(FISMA). Williams, Adley &         What Williams, Adley & Company, LLP, Recommends\nCompany, LLP, conducted the\nnetwork vulnerability testing     There are four EPA offices involved with the Potomac Yard buildings: Office of\nof the Agency\xe2\x80\x99s network           Solid Waste and Emergency Response; Office of Prevention, Pesticides, and\nlocated at EPA\xe2\x80\x99s Potomac          Toxic Substances; Office of Environmental Information; and Office of Research\nYard buildings in Arlington,      and Development. Williams, Adley & Company, LLP, recommends that the\nVirginia.                         Acting Director, Office of Technology Operations and Planning, and the Senior\n                                  Information Officials for these offices:\nBackground\n                                  \xe2\x80\xa2   Implement actions to resolve all high-risk vulnerability findings.\nThe network vulnerability         \xe2\x80\xa2   Update EPA\xe2\x80\x99s Automated Security Self Evaluation and Remediation\ntesting was conducted to              Tracking (ASSERT) system.\nidentify any network risk         \xe2\x80\xa2   Perform a technical vulnerability assessment within 30 days to demonstrate\nvulnerabilities and present the       and document corrective actions have resolved the vulnerabilities.\nresults to the appropriate\nEPA officials to promptly         Due to the sensitive nature of the report\xe2\x80\x99s technical findings, the full report is not\nremediate or document             available to the public.\nplanned actions to resolve the\nvulnerability.\n\n\n\nFor further information,\ncontact our Office of\nCongressional, Public Affairs\nand Management at\n(202) 566-2391.\n\x0c'